SoC is a microcomputer that integrates main functions of a computer including that of a processor, memory, or a peripheral device and equips it on one chip. SoC dramatically reduces the area required for implementation and remarkably reduces power consumption compared with other systems made up of a plurality of chips with equivalent functions. That is why SoC is used in a built-in appliance and the like.
In SoC, usually a processor as well as a read-only memory (ROM) and a random access memory (RAM) containing data can be incorporated on the same chip. This makes it difficult to directly access the incorporated ROM and RAM from outside (for example, to connect with a data bus of the ROM and RAM with a logic analyzer and electrically read in data). This is good in terms of security.
When SoC is subjected to a test such as debugging, the SoC cannot be checked by touching a probe on a terminal like in the case of an element on a board. Thus, a test, called Boundary Scan Test (BST), for checking the behavior of a chip by entering a test code from outside is broadly adopted (for example, see Published Unexamined Patent Application JP2001 147831A2).
A standard method of BST is the IEEE 1149.1 standard, known as JTAG. SoC corresponding to JTAG includes a JTAG port used for inputting/outputting and controlling test data, or an interface called TAP (Test Access Port) and a TAP controller in addition to a circuit serving a primary function of SoC in order to facilitate debugging of a chip and development of software. SoC corresponding to JTAG is designed to control a processor through a JTAG port and cause the processor to execute any instruction via the JTAG port. For example, PowerPC™ developed by International Business Machines Corporation (IBM®) in the United States can control a processor by connecting a debugger, developed by IBM, called RISCWatch™ (a debug tool) to a JTAG port of the processor.
As mentioned above, SoC is generally provided with a port and a controller for performing a boundary scan test. With a debug function provided by the port and controller, SoC can be invaded and have its memory accessed, allowing the content to be read.
In other words, with a debugger, such as the abovementioned RISCWatch™, contents of an inside register of SoC can be freely read in or written. With this function, data stored in memory can be read in and the content can be saved in an inside register. The content of the register further can be freely retrieved outside the SoC via a TDO (Test Data Output) terminal of JTAG. In this manner, data can be freely read from memory area that is forbidden to be accessed by MMU (Memory Management Unit) or the like (hereinafter referred to as a protected area).
Means for forbidding invasion of SoC with a debugger like those described above include a method for not connecting (not wiring) JTAG to a processor.
If JTAG is not connected to a processor, a debugger cannot be connected to the processor, which is sufficient in terms of data protection. However, this impedes debugging of a chip or development of software and requires a chip for debugging other than the product to be developed, therefore increases the cost.
SoC can be designed to allow memory to be accessed only by a specific procedure to make it difficult to access the memory. However, this method is not sufficient protection, because once the procedure is broken, it cannot prevent memory from being accessed.
Thus there is a need to provide a system of SoC and a method for controlling thereof for solving the abovementioned problems, and assuredly prevent a protected area of memory from being accessed when SoC is invaded, and also for allowing debugging in a conventional boundary scan test.